Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master terramaster operating system vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-9328
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS prior to 3.0.34 leads to remote code execution as root.
Terra-master Terramaster Operating System
9.8
CVSSv3
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS up to and including 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
Terra-master Terramaster Operating System
1 Metasploit module
9.8
CVSSv3
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
7.5
CVSSv3
CVE-2022-24990
TerraMaster NAS 4.2.29 and previous versions allows remote malicious users to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Terra-master Terramaster Operating System
1 Metasploit module
5 Github repositories
6.1
CVSSv3
CVE-2018-13331
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript when viewing users by placing JavaScript in their usernames.
Terra-master Terramaster Operating System 3.1.03
6.1
CVSSv3
CVE-2018-13333
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
Terra-master Terramaster Operating System 3.1.03
5.4
CVSSv3
CVE-2018-13335
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript when viewing shared folders via their descriptions.
Terra-master Terramaster Operating System 3.1.03
5.4
CVSSv3
CVE-2018-13337
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows malicious users to control users' session cookies via JavaScript.
Terra-master Terramaster Operating System 3.1.03
9.8
CVSSv3
CVE-2018-13350
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute SQL queries via the "Event" parameter.
Terra-master Terramaster Operating System 3.1.03
7.5
CVSSv3
CVE-2018-13352
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows malicious users to view active session tokens in a world-readable directory.
Terra-master Terramaster Operating System 3.1.03
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »